
Merge branch 'feature/V8-5715-vrifier-les-droits-des-entits-et' into develop

Olivier Massot 1 anno fa
parent
commit
3c226a6ee8

+ 7 - 6
src/Entity/Billing/ResidenceArea.php

@@ -31,17 +31,18 @@ use Doctrine\ORM\Mapping as ORM;
             security: 'is_granted(\'ROLE_ORGANIZATION_VIEW\') and object.getBillingSetting().getOrganization().getId() == user.getOrganization().getId()'
         ),
         new Put(
-            security: 'object.getBillingSetting().getOrganization().getId() == user.getOrganization().getId()'
+            security: 'is_granted(\'ROLE_ORGANIZATION\') and object.getBillingSetting().getOrganization().getId() == user.getOrganization().getId()'
         ),
         new Delete(
-            security: 'object.getBillingSetting().getOrganization().getId() == user.getOrganization().getId()'
+            security: 'is_granted(\'ROLE_ORGANIZATION\') and object.getBillingSetting().getOrganization().getId() == user.getOrganization().getId()'
         ),
         new GetCollection(
-            security: 'is_granted(\'ROLE_ORGANIZATION_VIEW\')'
+            security: 'is_granted(\'ROLE_ORGANIZATION\')'
         ),
-        new Post(),
-    ],
-    security: 'is_granted(\'ROLE_ORGANIZATION\')'
+        new Post(
+            security: 'is_granted(\'ROLE_ORGANIZATION\')'
+        ),
+    ]
 )]
 // #[Auditable]
 #[BillingSettingDefaultValue(fieldName: 'billingSetting')]
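Review bot: Dropping the resource-level `security: 'is_granted(\'ROLE_ORGANIZATION\')'` leaves this `ApiResource` without a fallback, so an operation added to the list later without its own `security` would be protected only by whatever the firewall or access_control configuration enforces. Keeping the resource-level expression as a default-deny baseline next to the per-operation rules costs nothing; the same removal appears in Cycle.php and EducationTiming.php. Separately, `GetCollection` now requires `ROLE_ORGANIZATION` while the item `Get` at the top of the hunk still accepts `ROLE_ORGANIZATION_VIEW`, unlike the other resources in this commit. If that asymmetry is intended a short comment would help, otherwise it looks like it should stay `ROLE_ORGANIZATION_VIEW`. The attribute starts before the hunk.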

+ 3 - 3
src/Entity/Booking/AttendanceBookingReason.php

@@ -27,16 +27,16 @@ use Doctrine\ORM\Mapping as ORM;
             security: 'is_granted(\'ROLE_ORGANIZATION_VIEW\') and object.getOrganization().getId() == user.getOrganization().getId()'
         ),
         new Put(
-            security: 'is_granted(\'ROLE_ORGANIZATION_VIEW\') and is_granted(\'ROLE_GENERAL_CONFIG\') and object.getOrganization().getId() == user.getOrganization().getId()'
+            security: 'is_granted(\'ROLE_ORGANIZATION\') and object.getOrganization().getId() == user.getOrganization().getId()'
         ),
         new Delete(
-            security: 'is_granted(\'ROLE_ORGANIZATION_VIEW\') and is_granted(\'ROLE_GENERAL_CONFIG\') and object.getOrganization().getId() == user.getOrganization().getId()'
+            security: 'is_granted(\'ROLE_ORGANIZATION\') and object.getOrganization().getId() == user.getOrganization().getId()'
         ),
         new GetCollection(
             security: 'is_granted(\'ROLE_ORGANIZATION_VIEW\')'
         ),
         new Post(
-            security: 'is_granted(\'ROLE_ORGANIZATION_VIEW\') and is_granted(\'ROLE_GENERAL_CONFIG\')'
+            security: 'is_granted(\'ROLE_ORGANIZATION\')'
         )]
 )]
 // #[Auditable]
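Review bot: `Put`, `Delete` and `Post` no longer require `ROLE_GENERAL_CONFIG`, so every write operation on this resource is now gated by `ROLE_ORGANIZATION` alone. Whether that widens write access depends on the role hierarchy, which is not visible here. If `ROLE_GENERAL_CONFIG` is granted to fewer users than `ROLE_ORGANIZATION`, the old conjunct should stay, e.g. `is_granted(\'ROLE_ORGANIZATION\') and is_granted(\'ROLE_GENERAL_CONFIG\') and ...`. A functional test asserting a 403 for a user without the config role would pin whichever behaviour is intended.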

+ 2 - 3
src/Entity/Education/Cycle.php

@@ -30,13 +30,12 @@ use Doctrine\ORM\Mapping as ORM;
             security: 'is_granted(\'ROLE_ORGANIZATION_VIEW\') and object.getOrganization().getId() == user.getOrganization().getId()'
         ),
         new Put(
-            security: 'object.getOrganization().getId() == user.getOrganization().getId()'
+            security: 'is_granted(\'ROLE_ORGANIZATION\') and object.getOrganization().getId() == user.getOrganization().getId()'
         ),
         new GetCollection(
             security: 'is_granted(\'ROLE_ORGANIZATION_VIEW\')'
         ),
-    ],
-    security: 'is_granted(\'ROLE_ORGANIZATION\')'
+    ]
 )]
 // #[Auditable]
 #[ORM\Entity(repositoryClass: CycleRepository::class)]
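Review bot: The `Put` expression is evaluated against the stored entity before the request body is applied, so it confirms the caller owns the current `Cycle` but not the one that results from the update. If `organization` is writable in the denormalization context (not visible in this hunk), adding `securityPostDenormalize: 'object.getOrganization().getId() == user.getOrganization().getId()'` would reject a payload that reassigns the entity to another organization. The same applies to the `Put` operations touched in the other files of this commit. The attribute starts before the hunk.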

+ 8 - 7
src/Entity/Education/EducationTiming.php

@@ -28,20 +28,21 @@ use Doctrine\ORM\Mapping as ORM;
 #[ApiResource(
     operations: [
         new Get(
-            security: 'is_granted(\'ROLE_ORGANIZATION_VIEW\') and object.getOrganization().getId() == user.getOrganization().getId()'
+            security: 'is_granted("ROLE_ORGANIZATION_VIEW") and object.getOrganization().getId() == user.getOrganization().getId()'
         ),
         new Put(
-            security: 'object.getOrganization().getId() == user.getOrganization().getId()'
+            security: 'is_granted("ROLE_ORGANIZATION") and object.getOrganization().getId() == user.getOrganization().getId()'
         ),
         new Delete(
-            security: 'object.getOrganization().getId() == user.getOrganization().getId()'
+            security: 'is_granted("ROLE_ORGANIZATION") and object.getOrganization().getId() == user.getOrganization().getId()'
         ),
         new GetCollection(
-            security: 'is_granted(\'ROLE_ORGANIZATION_VIEW\')'
+            security: 'is_granted("ROLE_ORGANIZATION_VIEW")'
         ),
-        new Post(),
-    ],
-    security: 'is_granted(\'ROLE_ORGANIZATION\')'
+        new Post(
+            security: 'is_granted("ROLE_ORGANIZATION")'
+        ),
+    ]
 )]
 // #[Auditable]
 #[OrganizationDefaultValue(fieldName: 'organization')]
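Review bot: `Post` checks only the role, so nothing in the expression ties the created `EducationTiming` to the caller's organization; that rests entirely on `#[OrganizationDefaultValue(fieldName: 'organization')]`. If that attribute only fills in a missing value rather than overriding a client-supplied one (its implementation is not on this page), a `securityPostDenormalize` ownership check on `Post` would close the gap. As a style point, this file switches the expressions to `is_granted("...")` while ResidenceArea.php, AttendanceBookingReason.php and Cycle.php keep the escaped `\'...\'` form. Using one form across the commit keeps the rules easy to grep and compare.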

+ 1 - 1
src/Entity/Organization/Parameters.php

@@ -28,7 +28,7 @@ use Symfony\Component\Validator\Constraints as Assert;
 #[ApiResource(
     operations: [
         new Get(
-            security: '(is_granted("ROLE_ORGANIZATION_VIEW") or is_granted("ROLE_ORGANIZATION")) and object.getOrganization().getId() == user.getOrganization().getId()'
+            security: 'is_granted("ROLE_ORGANIZATION_VIEW") and object.getOrganization().getId() == user.getOrganization().getId()'
         ),
         new Put(
             security: 'is_granted("ROLE_ORGANIZATION") and object.getOrganization().getId() == user.getOrganization().getId()'
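Review bot: `Get` now accepts only `ROLE_ORGANIZATION_VIEW`, while the `Put` just below requires `ROLE_ORGANIZATION`, so a user who can update the resource can read it only if the role hierarchy makes `ROLE_ORGANIZATION` imply `ROLE_ORGANIZATION_VIEW`. That hierarchy is not shown here. A one-line comment above the operations, such as `// ROLE_ORGANIZATION inherits ROLE_ORGANIZATION_VIEW (see role_hierarchy in the security configuration)`, would document the assumption. Subdomain.php makes the same change. The `Put` operation continues past the end of the hunk.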

+ 4 - 2
src/Entity/Organization/Subdomain.php

@@ -30,12 +30,14 @@ use Symfony\Component\Validator\Constraints as Assert;
 #[ApiResource(
     operations: [
         new Get(
-            security: '(is_granted("ROLE_ORGANIZATION_VIEW") or is_granted("ROLE_ORGANIZATION")) and object.getOrganization().getId() == user.getOrganization().getId()'
+            security: 'is_granted("ROLE_ORGANIZATION_VIEW") and object.getOrganization().getId() == user.getOrganization().getId()'
         ),
         new Put(
             security: 'is_granted("ROLE_ORGANIZATION") and object.getOrganization().getId() == user.getOrganization().getId()'
         ),
-        new GetCollection(),
+        new GetCollection(
+            security: 'is_granted("ROLE_ORGANIZATION_VIEW")'
+        ),
         new Post(
             security: 'is_granted("ROLE_ORGANIZATION")'
         ),
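Review bot: The new `GetCollection` rule checks only the role, and a collection operation has no `object` to compare against, so the expression cannot restrict the result set to the caller's organization the way the item `Get` does. The scoping has to come from a query extension or filter elsewhere in the project, which is not visible on this page. It is worth confirming that one covers `Subdomain`, and adding a test that a user from another organization receives an empty list. This applies equally to the other `GetCollection` operations in the commit. The operations list continues past the end of the hunk.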